Nom du paquet
libxml2
Date
2008-09-11
Advisory ID
MDVSA-2008:192
Affected versions
CS4.0 i586 , CS4.0 x86_64 , 2008.0 i586 , 2007.1 i586 , CS3.0 x86_64 , 2008.0 x86_64 , CS3.0 i586 , 2008.1 x86_64 , 2008.1 i586 , 2007.1 x86_64

Problem description

A heap-based buffer overflow was found in how libxml2 handled long
XML entity names. If an application linked against libxml2 processed
untrusted malformed XML content, it could cause the application to
crash or possibly execute arbitrary code (CVE-2008-3529).

The updated packages have been patched to prevent this issue.
As well, the patch to fix CVE-2008-3281 has been updated to remove
the hard-coded entity limit that was set to 5M, instead using XML
entity density heuristics. Many thanks to Daniel Veillard of Red Hat
for his hard work in tracking down and dealing with the edge cases
discovered with the initial fix to this issue.

Updated packages

CS4.0 i586

 74eea161b5519eef6c16b2407126a847  corporate/4.0/i586/libxml2-2.6.21-3.4.20060mlcs4.i586.rpm
 5d8d1e0e487022687c1c61fbaf91707e  corporate/4.0/i586/libxml2-devel-2.6.21-3.4.20060mlcs4.i586.rpm
 d5aa677468c9e8baae074a12f6c63c00  corporate/4.0/i586/libxml2-python-2.6.21-3.4.20060mlcs4.i586.rpm
 d51b4b902bb911be69f6a17aeb07d8cf  corporate/4.0/i586/libxml2-utils-2.6.21-3.4.20060mlcs4.i586.rpm 
 ce28651304236296e59d6d3be5525889  corporate/4.0/SRPMS/libxml2-2.6.21-3.4.20060mlcs4.src.rpm

CS4.0 x86_64

 812f2ae0ffa7a72546b07bd7de174453  corporate/4.0/x86_64/lib64xml2-2.6.21-3.4.20060mlcs4.x86_64.rpm
 23ae06098f957e46affa75220cac50af  corporate/4.0/x86_64/lib64xml2-devel-2.6.21-3.4.20060mlcs4.x86_64.rpm
 93cb252dadfadd4249062f903e604f82  corporate/4.0/x86_64/lib64xml2-python-2.6.21-3.4.20060mlcs4.x86_64.rpm
 aeff512a1b349108017e93633fabcf08  corporate/4.0/x86_64/libxml2-utils-2.6.21-3.4.20060mlcs4.x86_64.rpm 
 ce28651304236296e59d6d3be5525889  corporate/4.0/SRPMS/libxml2-2.6.21-3.4.20060mlcs4.src.rpm

2008.0 i586

 c53b40d9c7ebec036f9175c8f4e87b3b  2008.0/i586/libxml2_2-2.6.30-1.4mdv2008.0.i586.rpm
 4a4ed97086b52cab3bbd34fe4d7003a0  2008.0/i586/libxml2-devel-2.6.30-1.4mdv2008.0.i586.rpm
 d3898465dc2797a2b20be8310dd4f484  2008.0/i586/libxml2-python-2.6.30-1.4mdv2008.0.i586.rpm
 34c524fa03b470093bd0b0c679bcb9c4  2008.0/i586/libxml2-utils-2.6.30-1.4mdv2008.0.i586.rpm 
 2dc2f4732992e27aea4c5a098c631ae8  2008.0/SRPMS/libxml2-2.6.30-1.4mdv2008.0.src.rpm

2007.1 i586

 9250adec77a5118119d5000f2305540f  2007.1/i586/libxml2-2.6.27-3.4mdv2007.1.i586.rpm
 103dba08606f0038f3a9f4107ceba442  2007.1/i586/libxml2-devel-2.6.27-3.4mdv2007.1.i586.rpm
 a388bf596ef6725fb5baadb4e056a0bd  2007.1/i586/libxml2-python-2.6.27-3.4mdv2007.1.i586.rpm
 d2333e42a538101e36eab7d12467e08b  2007.1/i586/libxml2-utils-2.6.27-3.4mdv2007.1.i586.rpm 
 94a25c63f54693b7ac289223a6a3a687  2007.1/SRPMS/libxml2-2.6.27-3.4mdv2007.1.src.rpm

CS3.0 x86_64

 76e631bd88c68085dc2c5702235c2a99  corporate/3.0/x86_64/lib64xml2-2.6.6-1.5.C30mdk.x86_64.rpm
 827f9f5bc3a1b869353e3c09879ea432  corporate/3.0/x86_64/lib64xml2-devel-2.6.6-1.5.C30mdk.x86_64.rpm
 caafa3371f80f084e8a945b3114b4533  corporate/3.0/x86_64/lib64xml2-python-2.6.6-1.5.C30mdk.x86_64.rpm
 e37a70f9cd13a7e00982387a9ba97726  corporate/3.0/x86_64/libxml2-utils-2.6.6-1.5.C30mdk.x86_64.rpm 
 c64826e1b31ed0c5d4514780ecd52e2e  corporate/3.0/SRPMS/libxml2-2.6.6-1.5.C30mdk.src.rpm

2008.0 x86_64

 20ac98b346a1f18b90504cb623c530d8  2008.0/x86_64/lib64xml2_2-2.6.30-1.4mdv2008.0.x86_64.rpm
 fd5907e801bf4f64ee79d097fcaec2b6  2008.0/x86_64/lib64xml2-devel-2.6.30-1.4mdv2008.0.x86_64.rpm
 20f45401e501b9639a9b53d82a4e031f  2008.0/x86_64/libxml2-python-2.6.30-1.4mdv2008.0.x86_64.rpm
 22be20e194ba2177a47d831ee8c82f47  2008.0/x86_64/libxml2-utils-2.6.30-1.4mdv2008.0.x86_64.rpm 
 2dc2f4732992e27aea4c5a098c631ae8  2008.0/SRPMS/libxml2-2.6.30-1.4mdv2008.0.src.rpm

CS3.0 i586

 82e733037c09b4b7770f5325c7ed1325  corporate/3.0/i586/libxml2-2.6.6-1.5.C30mdk.i586.rpm
 d66da7916f188883fd164cb250431bba  corporate/3.0/i586/libxml2-devel-2.6.6-1.5.C30mdk.i586.rpm
 5df28181424b19132bbff6afa872475a  corporate/3.0/i586/libxml2-python-2.6.6-1.5.C30mdk.i586.rpm
 f7a86c3be6e4926fa101386a9cbbcbdd  corporate/3.0/i586/libxml2-utils-2.6.6-1.5.C30mdk.i586.rpm 
 c64826e1b31ed0c5d4514780ecd52e2e  corporate/3.0/SRPMS/libxml2-2.6.6-1.5.C30mdk.src.rpm

2008.1 x86_64

 9d25e809ad31decb111a38301b2a74c1  2008.1/x86_64/lib64xml2_2-2.6.31-1.3mdv2008.1.x86_64.rpm
 f35af82dffc02628edb1ce03113c3ba0  2008.1/x86_64/lib64xml2-devel-2.6.31-1.3mdv2008.1.x86_64.rpm
 5819b393de9ff05be4d670c8e5d36080  2008.1/x86_64/libxml2-python-2.6.31-1.3mdv2008.1.x86_64.rpm
 fb670bfb1a1673f99f3c3fc3a72b7777  2008.1/x86_64/libxml2-utils-2.6.31-1.3mdv2008.1.x86_64.rpm 
 b1078a83185c1c97fada7ea5e97df753  2008.1/SRPMS/libxml2-2.6.31-1.3mdv2008.1.src.rpm

2008.1 i586

 61e96824adc6e61b2764bb3a85e2e76d  2008.1/i586/libxml2_2-2.6.31-1.3mdv2008.1.i586.rpm
 6d0cc51d32c7b6ecd609250aad302034  2008.1/i586/libxml2-devel-2.6.31-1.3mdv2008.1.i586.rpm
 1e7c4ddd30677789de05cc464dde9790  2008.1/i586/libxml2-python-2.6.31-1.3mdv2008.1.i586.rpm
 edd477e34b08f94956eeedd387b5e509  2008.1/i586/libxml2-utils-2.6.31-1.3mdv2008.1.i586.rpm 
 b1078a83185c1c97fada7ea5e97df753  2008.1/SRPMS/libxml2-2.6.31-1.3mdv2008.1.src.rpm

2007.1 x86_64

 343f8656039b69716fe712eeb2d1bf4e  2007.1/x86_64/lib64xml2-2.6.27-3.4mdv2007.1.x86_64.rpm
 320d8dd8245f5ec6db46bedaf07afb3e  2007.1/x86_64/lib64xml2-devel-2.6.27-3.4mdv2007.1.x86_64.rpm
 fb6f52df6831cda42db46502cc761475  2007.1/x86_64/lib64xml2-python-2.6.27-3.4mdv2007.1.x86_64.rpm
 8440fc08fee99f18a81a32035fac166a  2007.1/x86_64/libxml2-utils-2.6.27-3.4mdv2007.1.x86_64.rpm 
 94a25c63f54693b7ac289223a6a3a687  2007.1/SRPMS/libxml2-2.6.27-3.4mdv2007.1.src.rpm

References